4214c0dab7f46e1563e0d8333693c38f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4214c0dab7f46e1563e0d8333693c38f_JaffaCakes118
Size

158KB
MD5

4214c0dab7f46e1563e0d8333693c38f
SHA1

96a413a85c7d289c16e7d3716ea317b98dc894fe
SHA256

0628abbb1d9c999f3146486e3917a826f24180569acc8e62c9756b76f7c3020d
SHA512

a762a446a4a60c3a79336e41caeadb07d38036dbcbc49d5793a45c2a70fa44dccd900d39c22d60d82513c7247267e94bcbae743d792a6b1deb93c6d70e7ad03f
SSDEEP

3072:4oGNaxAHlFprspYo1lLLSYNY4TGZ6NQ0QMebKIXZ0EbOiKf75msC2vXGW+2yKZWU:gamHlFWpHLFNaZ6hQMyKIXfyjbCkjjWW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4214c0dab7f46e1563e0d8333693c38f_JaffaCakes118

Files

4214c0dab7f46e1563e0d8333693c38f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6aad67a7cd7648fe6e4b9c82e95eca3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

CharNextA
DispatchMessageW
GetWindowRect
EndDialog
CharNextW
DialogBoxParamW
CharUpperW
GetDC
ExitWindowsEx
GetDlgItem
DestroyWindow
CreateDialogParamW
GetDlgItemTextW
EnableWindow
ReleaseDC
GetDesktopWindow
GetSystemMetrics
PeekMessageW
ShowWindow
MessageBoxW
MsgWaitForMultipleObjects
MessageBeep
IsWindow
SendMessageW
CharPrevW
SetWindowTextW
UpdateWindow
SetWindowPos
LoadStringW
SetDlgItemTextW
SendDlgItemMessageW
OemToCharA

rpcrt4

RpcStringFreeW

ntdll

NtAllocateVirtualMemory
NtLoadKey

gdi32

GetStockObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetDeviceCaps

msvcrt

memcpy
_initterm
_vsnwprintf
_ultow
_XcptFilter
_amsg_exit
free
_adjust_fdiv
__p__fmode
malloc
_wcsnicmp
_wtoi
memset
memmove
__p__commode
_setjmp3
_vsnprintf
_wtol
_wcsicmp

advapi32

RegUnLoadKeyW
RegCloseKey
RegLoadKeyW
RegQueryValueExA
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueW
RegQueryValueExW
FreeSid
RegSetValueW
EqualSid
RegQueryInfoKeyW
IsValidSecurityDescriptor
AllocateAndInitializeSid
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegDeleteKeyW
GetSecurityDescriptorControl
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
RegSaveKeyW
GetTokenInformation

shlwapi

StrChrW
PathBuildRootW
PathAppendW
PathAddBackslashW
PathFileExistsW
StrRChrW
StrStrIW
PathCombineW
PathRemoveFileSpecW

setupapi

SetupFindNextLine
SetupCloseInfFile
SetupDefaultQueueCallbackW
SetupOpenAppendInfFileW
SetupOpenFileQueue
SetupSetDirectoryIdW
SetupGetLineTextW
SetupFindFirstLineW
SetupGetStringFieldW
SetupQueueCopyW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupCommitFileQueueW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupOpenInfFileW

kernel32

GetUserDefaultUILanguage
FindFirstFileW
UnhandledExceptionFilter
GetVolumeInformationW
CompareStringW
CreateDirectoryW
FindNextFileW
Sleep
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
FindResourceExW
FreeLibrary
GetFileTime
GetDriveTypeW
DisableThreadLibraryCalls
WriteFile
GetDiskFreeSpaceW
TerminateProcess
GetSystemDefaultUILanguage
lstrcmpiW
GetCurrentProcess
GetPrivateProfileSectionW
FindResourceW
QueryPerformanceCounter
ReadFile
LocalFree
SetFilePointer
GetModuleHandleW
SearchPathW
LoadLibraryW
RtlUnwind
lstrlenA
GetVersionExW
GetWindowsDirectoryW
MoveFileW
GetShortPathNameW
SizeofResource
GetSystemTimeAsFileTime
SetLastError
SetFileTime
InterlockedExchange
GetFileAttributesW
lstrcmpiA
lstrcmpW
GetSystemDirectoryW
GetLocalTime
UnmapViewOfFile
GetFullPathNameW
GetPrivateProfileIntW
GetEnvironmentVariableW
MapViewOfFile
WideCharToMultiByte
GetCurrentThreadId
InterlockedCompareExchange
GetCurrentProcessId
GetFileSize
GetTickCount
CloseHandle
CreateFileMappingW
LoadLibraryExW
CopyFileW
MoveFileExW
GetModuleFileNameW
GetSystemInfo
LockResource
DeleteFileW
CreateProcessW
GetTempFileNameW
FormatMessageW
ExitProcess
EnumResourceLanguagesW
SetFileAttributesW
lstrlenW
GetProcAddress
CreateFileW
GetProfileStringW
GetStartupInfoA
MulDiv
MapViewOfFileEx
GetTempPathW
FindClose
WritePrivateProfileStringW
MultiByteToWideChar
LocalReAlloc
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetLastError

ole32

OleInitialize
CoTaskMemFree
OleUninitialize

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6aad67a7cd7648fe6e4b9c82e95eca3b

Headers

DLL Characteristics

File Characteristics

Imports

version

user32

rpcrt4

ntdll

gdi32

msvcrt

advapi32

shlwapi

setupapi

kernel32

ole32

Sections

.text Size: 8KB - Virtual size: 7KB

.reloc Size: 512B - Virtual size: 36B

.rsrc Size: 145KB - Virtual size: 144KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 360KB

.text
Size: 8KB - Virtual size: 7KB

.reloc
Size: 512B - Virtual size: 36B

.rsrc
Size: 145KB - Virtual size: 144KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 360KB